
Open Source Security at the Eclipse Foundation

Sunday, June 19, 2022 - 19:28 by Mike Milinkovich

Open source software is the single most important engine for innovation today. The ability to freely combine software components, frameworks, and platforms frees developers from constantly reinventing the wheel and allows them to focus on the new innovations that users want. Free software also enables business models to scale in ways that proprietary software would never allow. Globally and in all sectors of the economy, building on top of open source software is the dominant approach to delivering successful software systems today. 

However, with great success comes great responsibility. From Heartbleed to SolarWinds to Log4j, securing open source software and its global supply chain has never been more important. The reasons for this are many, but among them is that for too long open source has been treated by many of its consumers as “free as in free beer” where they should have been treating it as “free as in a free puppy.” Contributing to the sustainability of the projects and communities that deliver open source is really no longer a choice. It is a necessity.

At the Eclipse Foundation, we believe that foundations have a role to play in addressing the challenges of securing open source and its supply chain. Specifically, we want to provide services to our projects that help improve their security posture. But doing so requires additional staff and resources. That’s why we are so grateful for the financial support from the OpenSSF’s Alpha-Omega project, being announced today. This money will allow us to start building a team to roll out many of the ideas in our Open Source Software Supply Chain Best Practices document under the leadership of Mikael Barbero, our Head of Security. 

Some of the ways that we are going to put this funding to good use include:

  • Automate the generation of static source-based SBOMs for all Eclipse Foundation project repositories.
  • Implement a SLSA-based project badging program for Eclipse Foundation projects.
  • Initiate a number of security audits for high-profile Eclipse Foundation projects.

We are also going to provide regular and public updates to the community about our progress and initiatives.

Software security is a never-ending process. This funding is the first step in a journey. We appreciate the support of the Alpha-Omega project, and are committed to using it effectively. 

Tags: Foundation, Open Source, Eclipse Foundation, security

Source: http://eclipse-foundation.blog/